Date: Mon, 24 Feb 2003 10:27:47 -0600
From: "Jacques A. Vidrine"
To: Alexandr Kovalenko
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: buffer overrun in zlib 1.1.4
Message-ID: <20030224162747.GB87372@madman.celabo.org>
References: <20030224160844.GE82145@nevermind.kiev.ua>
In-Reply-To: <20030224160844.GE82145@nevermind.kiev.ua>

On Mon, Feb 24, 2003 at 06:08:44PM +0200, Alexandr Kovalenko wrote:
> ----- Forwarded message from Richard Kettlewell -----
>
> Date: Sat, 22 Feb 2003 00:05:47 +0000
> From: Richard Kettlewell
> X-Mailer: Norman
> To: bugtraq@securityfocus.com
> Subject: buffer overrun in zlib 1.1.4
> X-Mailer: VM 7.03 under 21.4 (patch 6) "Common Lisp" XEmacs Lucid
>
> zlib contains a function called gzprintf().  This is similar in
> behaviour to fprintf() except that by default, this function will
> smash the stack if called with arguments that expand to more than
> Z_PRINTF_BUFSIZE (=4096 by default) bytes.

Nothing in the base system uses gzprintf, AFAIK.  If applications are
found that use it (and do not check Z_PRINTF_BUFSIZE), then please
let us know.

When an official zlib patch or new version is available, we'll import
it.

Cheers,
-- 
Jacques A. Vidrine                          http://www.celabo.org/
NTT/Verio SME      . FreeBSD UNIX .      Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
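
The caller-side length check the reply refers to, as an added example that is not part of the original message or of zlib: format with vsnprintf() into a Z_PRINTF_BUFSIZE-sized buffer and refuse oversized output before anything is written. `bounded_printf`, `sink_fn` and `count_sink` are hypothetical names, and the sink callback stands in for zlib's gzwrite() so the file builds without zlib.

```c
/* Added example: bounded formatting for code that would otherwise call
 * gzprintf() from zlib 1.1.4. The sink callback is a stand-in (assumption)
 * for gzwrite(file, buf, len), so this compiles without zlib. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define Z_PRINTF_BUFSIZE 4096   /* default size named in the advisory */

typedef int (*sink_fn)(void *ctx, const char *buf, unsigned len);

/* Format into a fixed buffer with vsnprintf(), which never writes past the
 * size it is given, and return -1 for output that would not fit instead of
 * letting the expansion run past the end of the buffer. */
static int bounded_printf(sink_fn sink, void *ctx, const char *fmt, ...)
{
    char buf[Z_PRINTF_BUFSIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;              /* encoding error, or output too long */
    return sink(ctx, buf, (unsigned)n);
}

/* Constructed sink for the demo: counts the bytes it is handed. */
static int count_sink(void *ctx, const char *buf, unsigned len)
{
    (void)buf;
    *(unsigned long *)ctx += len;
    return (int)len;
}

int main(void)
{
    unsigned long total = 0;
    char big[Z_PRINTF_BUFSIZE + 100];   /* constructed oversized argument */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", bounded_printf(count_sink, &total, "id=%d\n", 42));
    printf("long:  %d\n", bounded_printf(count_sink, &total, "%s", big));
    printf("bytes passed on: %lu\n", total);
    return 0;
}
```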